Category: information

Stop Badware

https://www.stopbadware.org/

The site claims that “Our work protects people and organizations from becoming victims of viruses, spyware, scareware, and other badware”. That sounds useful.

The StopBadware project started at Harvard University and was turned into an independent nonprofit organization in 2010.

What is Badware?

Badware is software that overrides a user’s choice about how his or her computer or network connection will be used.

Some badware is specifically designed for criminal, political, and/or mischievous purposes.

These purposes might include:

  • stealing bank account numbers, passwords, company secrets, or other confidential information
  • tricking the user into buying something that they don’t need
  • sending junk email (spam)
  • sending premium text messages from a mobile device
  • attacking other computers to prevent them functioning properly
  • distributing badware to other computers

Badware is sometimes referred to as malware. It includes viruses, Trojans, rootkits, botnets, spyware, scareware, and more.

The StopBadware programme:

  • provides Internet users with important and timely information about badware
  • helps website owners, particularly individuals and small businesses, protect their sites from badware; offers resources and community support to owners of compromised sites
  • engages web hosts and other key service providers to help them effectively and transparently address badware websites within their zones of control
  • encourages companies to proactively share data and knowledge with one another; leads collaborative information-sharing efforts that create greater security for all stakeholders
  • conducts high-impact research on malicious websites, cybersecurity econometrics, and critical infrastructure, to name just a few

Some badware may not have malicious intentions, but still takes away the user’s control.

For example, a browser toolbar might help you shop online more effectively but not mention that it will send a list of everything you buy online to the company that provides the toolbar. In this case, you are unable to make an informed decision about whether to install or use this software.

Another example is when you install a piece of software, and that software installs additional software that you weren’t expecting. This can be especially troubling if the additional software does something you dislike or doesn’t uninstall when you remove the original software.

STOP BADWARE!


Fightback Ninja Signature

Does Facebook Listen to Your Conversation?

People have wondered for some time how Facebook works out which adverts to serve to which people, and sometimes an advert that’s a little too accurate turns up. That sets people wondering whether Facebook listens in on their phone conversations, and there’s anecdotal evidence that seems to make the point.

At recent congressional hearings, when Senator Gary Peters asked Mark Zuckerberg (head of Facebook) if Facebook listens to users through their cell phone microphones in order to collect information with which to serve them adverts, Zuckerberg said “No.”

How Facebook Collects Information

The Facebook APP does request microphone permissions for any videos you post, as well as to identify music or TV shows when you use the “Listening to” status feature, but does not listen to your conversation.

It starts with your Facebook profile plus everything you post on Facebook. Facebook tracks you through Like buttons on other web pages. This is even true for people without a Facebook account.

It also:-

  • Uses data from its other APPS – Instagram and WhatsApp
  • Tracks data from APPS within Facebook e.g. quizzes
  • Tracks when you use your Facebook login to access other websites
  • Maintains shadow profiles on people who don’t use Facebook.
  • Records unique phone identifiers through in-app advertising to associate your identity across the different devices you use.
  • Tracks your location constantly
  • Tracks your purchases

If you have ever been surprised by a Facebook advert for a product popping up right after you were talking out loud about it, it may be that Facebook has learned too much about you but it won’t be from your conversations.

Most people dislike adverts but understand that advertising funds the websites, services and APPS, so it is a necessary ‘evil’. Some prefer adverts that are relevant whereas others find that creepy or intrusive.

However, most do accept that targeted advertising is likely to become more prevalent and more accepted.

Facebook don’t listen to your conversations, but they can collect so much information about us that it may seem that adverts can sometimes be too accurately targeted at you.


Delisting on Google

In May 2014, the European Court of Justice established the “right to be forgotten,” i.e. the “right to delist,” allowing Europeans to ask search engines to delist information about themselves from search results.

Google must consider if the information in question is “inaccurate, inadequate, irrelevant or excessive”—and whether there is a public interest in the information remaining available in search results.

Understanding how Google make these types of decisions—and how people are using new rights like those granted by the European Court—is important. Since 2014, Google have provided information about “right to be forgotten” delisting requests plus anonymized examples of some of the requests Google have received.

Between 2014 and 2017, there were 665,612 requests to delist covering 2,470,351 URLs. Roughly 43% of requests to delist have been enacted and the rest refused as not complying with the guidelines for delisting.

Evaluating Requests

Google assess each request on a case-by-case basis. In some cases, Google may ask the individual for more information. After a request is submitted to Google it undergoes a manual review and once a decision has been reached, the individual will receive an email notifying him or her of the decision and, if Google do not delist the URL, a brief explanation.

Reasons Google Don’t Delist

A few common material factors involved in decisions not to delist pages include:-

  • the existence of alternative solutions
  • technical reasons
  • duplicate URLs

Google may also determine that the page contains information which is strongly in the public interest. Determining whether content is in the public interest is complex and may mean considering many diverse factors, including—but not limited to—whether the content relates to the requester’s professional life, a past crime, political office, position in public life, or whether the content is self-authored content, consists of government documents, or is journalistic in nature.

Google also publish some of the requests in an anonymized manner to allow debate and comment on whether delisting should occur in each example.

Example Request 1: Google received a request from the Austrian Data Protection Authority on behalf of an Austrian businessman and former politician to delist 22 URLs, including reputable news sources and a government record, from Google Search.

Outcome: We did not delist the URLs given his former status as a public figure, his position of prominence in his current profession, and the nature of the URLs in question.

Example Request 2: Google received a request from an individual to delist several URLs from Google Search about his election as leader of a political movement and other political positions he held when he was a minor.

Outcome: Google delisted 13 URLs as he did not appear to be currently engaged in political life and was a minor at the time. Google did not delist 1 URL as the page referred to a different person who had the same name as the requester.

Example Request 3: Google received a court order directed to Google Inc. to delist from Google Search a blog post about a professional who was convicted for threatening people with a weapon on a city street.

Outcome: Google appealed the decision, but lost the appeal. Google delisted the blog post.


Santander Scam Avoidance School

Santander launched ‘Scam Avoidance School’ (SAS) for over 60s at all 806 branches across the UK in 2018.

Their research shows 82% of over 60s want more to be done to help them avoid scammers – Age UK stats suggest that 53 per cent of people aged 65+ have been targeted.

Former Strictly Come Dancing Head Judge, Len Goodman, 73, became the first graduate of the Scam Avoidance School.

Following research among the over 60s to understand what really worries them about scams and fraud, alongside input from Dr Paul Seager, Psychology Professor at Lancashire University, a bespoke lesson plan was created for Santander branch staff to deliver to tens of thousands of over 60s.

The lesson, which includes interactive activities and a handout to take away, covers the tricks scammers use to reel people in, how to spot email and text scams as well as covering contactless fraud and cashpoint fraud – areas that the research highlighted as being a real concern to Over 60s.

Statistics

  • Two thirds of the Over 60s are worried about the threat of fraud and scams with 82 per cent thinking more should be done to educate them
  • More than 20% of Over 60s believe they have been approached more than 10 times by scammers in the last year
  • The average loss among Over 60s who had fallen victim to scammers was £401. Previous research from Santander revealed that older victims of scams will, on average, lose more than double that of younger age groups
  • While 95 per cent of Over 60s own a mobile phone and 96 per cent have a computer, around one in five avoid online banking for fear of being targeted by scammers

Among the 64 per cent of older people who are worried about the threat of scams, a range of factors were highlighted as making them particularly susceptible. The biggest of these were: being vulnerable because of illness or disability (74 per cent); being financially unaware (57 per cent) or simply being on their own (37 per cent).

Chris Ainsley, Head of Fraud Strategy at Santander UK, commented: “We believe that education and public awareness is absolutely key to tackling what is currently one of the biggest threats to the security of people’s finances. We hope that with a little bit of scam-avoidance knowledge, our Over 60 pupils can feel empowered to stop scammers in their tracks.”


The Phone-Paid Services Authority

https://psauthority.org.uk/

The Phone-Paid Services Authority is the UK regulator for content, goods and services charged to a phone bill.

Phone-paid services are the goods and services that you can buy by charging the cost to your phone bill or pre-pay account. They include directory enquiries, voting on TV talent shows, donating to charity by text, joke lines, chat lines, games or downloading apps on your mobile phone. They are referred to as premium rate services in law.

UK regulation is open, fair and robust, underpinned by a Code of Practice approved by Ofcom.

As the telecoms, internet and payments sectors continue to grow globally at an unprecedented rate, the Phone-paid Services Authority takes action to safeguard consumers and help cutting-edge providers of digital content and services to thrive.

Their vision is a healthy and innovative market in which consumers can charge content, goods and services to their phone bill with confidence.

The Mission of the Phone-Paid Services Authority

To protect consumers from harm in the market, including where necessary through robust enforcement of our Code of Practice and to further their interests through encouraging competition, innovation and growth in the market.

They seek to do this through:

  • Providing clarity about the market for content, goods and services charged to a phone bill
  • Applying an outcomes-based Code of Practice
  • Delivering a balanced approach to regulation
  • Working in partnership with Government and other regulators
  • Delivering high standards of organisational support.

What are Phone-Paid Services and How Do They Charge You?

Phone-paid services is a generic name for goods and services that you purchase and are charged to your telephone bill or pay-as-you-go credit. Here are some examples of phone-paid services:-

  • Quizzes and competitions
  • Voting (e.g. X-Factor, Britain’s Got Talent, Strictly Come Dancing)
  • Charity donations (one-off donations or subscriptions)
  • Digital content (e.g. apps, in-app purchases, digital media, one-off purchases or subscriptions)
  • Directory enquiries (e.g. 118 numbers)
  • Adult services (e.g. chat, dating)
  • Gambling

The job of the Phone-Paid Services Authority is to look after the industry and ensure people are not cheated. But it’s everyone’s responsibility to behave sensibly and that includes not downloading unsafe APPS, checking all payments and not handing over confidential information to unknown people or APPS.


UK Government Cyber Essentials Scheme

https://www.cyberessentials.ncsc.gov.uk/

The government says Cyber Essentials helps your business to guard against the most common cyber threats and demonstrate your commitment to cyber security.

Self-Help for Cyber Essentials

The guide explains how to:

  • Secure your Internet connection
  • Secure your devices and software
  • Control access to your data and services
  • Protect from viruses and other malware
  • Keep your devices and software up to date

The Three levels of Engagement

Not everyone has the time or resources needed to develop a full-on cyber security system. So Cyber Essentials has been designed to fit with whatever level of commitment you are able to sustain. There are three levels of engagement:

  1. The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
  2. Basic Cyber Essentials certification.
  3. Cyber Essentials Plus certification.

1. Self Help

The self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others.

2. Certified Cyber Security

Cyber Essentials Certificate £300 approx. (+VAT)

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

The process of obtaining Cyber Essentials Certification is simple, and you can opt to buy as much or as little help as you need from the company you choose to certify you.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

  • Reassure customers that you are working to secure your IT against cyber attack
  • Attract new business with the promise you have cyber security measures in place
  • You have a clear picture of your organisation’s cyber security level
  • Some Government contracts require Cyber Essentials certification

3. Cyber Essentials Plus Certificate

The cost for this is only available on application.

It has all the benefits of Cyber Essentials PLUS your cyber security is verified by independent experts.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. The advice is designed to prevent these attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.

The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.

Cyber Essentials and Government Contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification.


Are Your Phone APPS Tracking You

A surprising number of smartphone APPS ask on installation for permission to access your location.  For APPS such as the Automobile Association or Google Maps or Local weather or Find a Restaurant this makes sense but many APPS want to track your location for their own benefit – not yours.

Carnegie Mellon University carried out a study on Android phones. The researchers followed 23 Android phone owners for three weeks. In the first week, they were asked to use their apps as they normally would. In the second week, the participants used an app called App Ops to monitor and manage the data those apps were using. In the third week, the research team introduced a “privacy nudge” alert that would ping the participants each time an app requested location data.

The title of the study is: Your Location Has Been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging.

You can see what level of problem there is.

Why do APPS access your location so often? Quite often, the answer is Marketing – the APP transmits your location regularly back to base where it’s sent to one or more advert networks so they can track where you visit and try to fashion appropriate adverts to be shown on your device.

Apparently, the free APPS are the worst for this behaviour. You can see they need to make money and one way is to sell that user data including location.

Take Control of Your Device

If you want to know exactly what an app is allowed to track on your Android phone, open the Settings app then go to Apps & notifications, choose an app, and select Permissions. Over on iOS, launch the Settings app then pick an app to see the permissions it has. Most of these permissions can be revoked with a toggle switch on both Android and iOS.

On both Android and iOS you can disable location altogether, but that may be overkill as it is useful in some APPS.

Be aware of which APPS track your location and if you cannot see why one needs your location then consider deleting the APP and replacing it.


Regulator to Protect Victims of Payment Scams

Authorised Push Payment (APP) scams are where people are conned into authorising their bank to make payment to a fraudster.

The Payment Systems Regulator (PSR) is planning for new protections for consumers against APP scams to be in place from September 2018, as an industry code.

The Regulator ran a consultation from November 2017 to January 2018, to give people the opportunity to provide feedback on the regulator’s plans. It gathered opinions from the payments industry, consumer groups and individuals to make sure the PSR could understand how best to protect people from APP scams.

The Changes

Once the industry code is in place, it will be publicly consulted on, for refinement in early 2019 and the regulator expects that it will continue to evolve to ensure preventative measures are kept up to date.

The PSR is also bringing consumer and industry representatives together to establish a dedicated steering group. Led by an independent chair appointed by the PSR, the group will ensure the contingent reimbursement model is designed in the best way to minimise the number of scams in the future and protect victims of scams.

Paul Smith, Head of Policy at the PSR, said:

“This is about making a positive difference for people to protect them from APP scams – where people are tricked into sending money to a fraudster. The banks have already made some changes but, from September 2018, this industry code will see better protections available to everyone.  We expect the code to evolve over time to make sure methods of preventing APP scams are up to date.”

“This is a complex piece of work and we have set a challenging timeline, but it is essential we see, as soon as possible, a model that is effective in protecting people.”

Good progress by the regulator.


The Society of Citizens Against Romance Scams

https://againstromancescams.org/

The Society of Citizens Against Romance Scams (SCARS) claim to represent more than 25,000 people, dedicated to changing the world of online fraud for the sake of everyone.

SCARS aspires to be the global organization to coordinate political advocacy, public education and avoidance programs, have an enforcement focus, support victims and promote recovery programs, and establish best practices and standards throughout the world. “A Beacon In The Darkness”.

That’s quite a mission.

SCARS

The focus of the Society is to:

  • Consolidate the voices of many into a single voice.
  • Work for the creation and implementation of universal standards and practices that provide effective and ethical anti-scam activities
  • Engage government, law enforcement, and victims globally in new methods to aggressively combat online fraud.
  • Create the first worldwide Anti-Scam Data Reporting Network with industry partners for real time exposure of fraudsters
  • Develop support and recovery solutions for traumatized victims based upon the best methods employed in the private and public sectors.

SCARS Membership:

For Individuals: join in the transformation that will begin to bring an end to the uncontrolled reign of online fraud. As additional benefits are added you will automatically be eligible.

For Professionals: you will be able to take advantage of numerous committees and their work product to improve your skills. In the future we will develop accredited continuing educational courses. Additionally you will become a part of a network of professional practitioners in victim’s support, investigation, and related practices available for certification.

For Groups and Organizations: you will have access to accreditation and certification processes to improve your services and offerings, and demonstrate to the public your degree of superior practices.

Professional Links

SCARS claims to be the only anti-online fraud non-governmental organization recognized by governments around the world and partners with various important authorities, including:-

  • The United States Department of Homeland Security
  • Recognized Victims Assistance Organization
  • U.S. Department of Justice Office of Victims of Crime
  • U.S. DoJ OVC National Census Of Victim Service Providers
  • NCVC Victim Connect Program
  • NOVA – National Organization for Victim Assistance
  • SCARS Is a member of The European Union’s Council Of Europe Octopus Cybercrime Organization


The Virus Checker Website

The website VirusTotal at https://www.virustotal.com was created to help people identify computer viruses. It does this by analysing infected files or URLs supplied to it and it’s a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners who use the results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful file samples for further study. This helps organizations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).
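
To show how the per-engine labels and the false-positive point above fit together, here is an added example (not VirusTotal's own code and not from the original post) that summarises a scan report. It assumes the report nesting used by VirusTotal's API v3 (data.attributes.last_analysis_results); the engine names, the sample reports and the few_engines threshold are constructed for illustration.

```python
"""Summarise per-engine verdicts from a VirusTotal-style scan report."""

# Categories in which an engine actually produced a verdict; the others
# (timeouts, failures, unsupported file type) say nothing about the file.
VERDICT_CATEGORIES = {"malicious", "suspicious", "harmless", "undetected"}
FLAGGED_CATEGORIES = {"malicious", "suspicious"}


def summarise(report, few_engines=2):
    """Return detection labels, engine counts and a triage hint for a report.

    few_engines is an illustrative threshold (an assumption, not a
    VirusTotal rule): that many detections or fewer is treated as a
    possible false positive that deserves a manual look.
    """
    results = report["data"]["attributes"]["last_analysis_results"]
    labels = {}
    answered = 0
    for engine, entry in results.items():
        category = entry.get("category")
        if category not in VERDICT_CATEGORIES:
            continue  # engine timed out or could not scan this file type
        answered += 1
        if category in FLAGGED_CATEGORIES:
            labels[engine] = entry.get("result") or "(no label)"

    if not labels:
        hint = "no engine flagged it"
    elif len(labels) <= few_engines:
        hint = "possible false positive, review manually"
    else:
        hint = "flagged by several engines"
    return {"labels": labels, "flagged": len(labels),
            "answered": answered, "hint": hint}


def _report(results):
    """Wrap per-engine results in the nesting assumed for the report."""
    return {"data": {"attributes": {"last_analysis_results": results}}}


# Constructed sample data: engine names and most labels are placeholders;
# only the label I-Worm.Allaple.gen is taken from the text above.
WORM_REPORT = _report({
    "EngineA": {"category": "malicious", "result": "I-Worm.Allaple.gen"},
    "EngineB": {"category": "malicious", "result": "Worm.Generic.1"},
    "EngineC": {"category": "suspicious", "result": "Heur.Suspect"},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "timeout", "result": None},
})
LONE_HIT_REPORT = _report({
    "EngineA": {"category": "undetected", "result": None},
    "EngineB": {"category": "malicious", "result": "Generic.Packed"},
    "EngineC": {"category": "harmless", "result": "clean"},
    "EngineD": {"category": "type-unsupported", "result": None},
})

if __name__ == "__main__":
    for name, rep in (("worm", WORM_REPORT), ("lone hit", LONE_HIT_REPORT)):
        s = summarise(rep)
        print(f"{name}: {s['flagged']}/{s['answered']} engines flagged it "
              f"({s['hint']})")
        for engine, label in sorted(s["labels"].items()):
            print(f"  {engine}: {label}")
```

Counting only the engines that returned a verdict keeps timeouts and unsupported file types from making a detection ratio look lower than it is.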

This is a valuable resource in the fight against computer viruses.
